computer-automation

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the @midscene/computer package. This is a vendor-provided resource necessary for the skill's core functionality.
  • [COMMAND_EXECUTION]: The skill executes shell commands to perform desktop automation, which includes taking screenshots and simulating keyboard and mouse events on the host system.
  • [DATA_EXFILTRATION]: To perform its tasks, the skill captures screenshots of the user's desktop and sends them to third-party AI model providers (such as Google Gemini, OpenAI, or Alibaba Qwen) for processing. These screenshots may contain sensitive user information visible on the screen.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Since the AI agent interprets the visual state of the desktop to determine its actions, malicious text or visual elements encountered on the screen (e.g., in a browser window) could be used to manipulate the agent's behavior.
    • Ingestion points: System screenshots captured during the act and assert workflows in SKILL.md.
    • Boundary markers: No specific delimiters or safety instructions are implemented to prevent the AI from obeying instructions found within the visual data of the screenshots.
    • Capability inventory: Extensive system control via the act command, including the ability to type, click, and navigate the UI.
    • Sanitization: No visual or textual sanitization is performed on the screen captures before they are sent to the AI model.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 11:21 AM